This article was first published on The Bit Journal. Yuga Labs has stepped in to safeguard a collection of high-value NFTs following a security breach in Flooring Protocol that left numerous digital assets vulnerable to theft. According to the company, the whitehat rescue operation was a success and the company moved at-risk NFTs to a safe wallet before the exploiters could further take advantage of the vulnerability.
Yuga Labs Launches NFT Rescue Operation
The operation was begun following an exploit was found in Flooring Protocol on June 8, according to Yuga Labs CEO Michael Figge. The recovered assets include 29 Bored Ape Yacht Club NFTs, 4 Mutant Apes, 1 Bored Ape Kennel Club NFT, 2 CryptoPunks, 1 Azuki, 2 Elementals, 26 Captains, 1 Moonbird, and 2 Doodles.
Before Yuga Labs found another attack path that would pose further threats to assets, Figge said that some NFT collections already had been targeted. Yuga Labs, in turn, initiated a coordinated rescue operation by its blockchain security team, called 0xQuit, and security researcher “Coffee.” The team received funding and temporary custody of NFTs from GrailsOTC, allowing them to rapidly remove vulnerable assets from weak pools.
We’ve just finished a whitehat operation on an exploit discovered in Flooring Protocol.
Now safely in the custody of Yuga Labs:
29 bored apes
4 mutant apes
1 bakc
2 cryptopunks
1 azuki
2 elementals
26 captains
1 moonbird
2 doodles@0xQuit, our VP of Blockchain recovered the…
— figge (@mfigge) June 8, 2026
Yuga Labs Coordinates NFT Recovery Efforts
Once the security vulnerability is fully fixed and verified by the developers of Flooring Protocol, the recovered NFTs will be returned to their rightful owners, according to Yuga Labs. The company stated it is collaborating closely with Flooring Protocol with a view to ensuring a safe asset recovery process.
Through security analysis, 0xQuit found that the exploit was caused by the security flaws in the protocol of Flooring Protocol’s ownership verification and indexing system. The bug reportedly enabled an attacker to generate an almost unlimited amount of fpTokens with minimal wrapped Ether (WETH). These inflated balances might then be cashed out in exchange for NFTs stored in protocol pools.
A Flooring exploit today turned a dust amount of WETH into a near-infinite fpToken balance, allowing the attacker to drain Flooring pools.
This led to a followup opportunist scooping up tokens from the now depleted pools and exchanging them for underlying NFTs.
1/🧵
— Quit (@0xQuit) June 8, 2026
Ghost Ownership Flaw Enabled NFT Exploit
The problem was the vulnerability, which led researchers to say that ownership checks were incorrectly validating malicious token IDs, which was dubbed “ghost ownership.” Another accounting error was reported to have caused the balance to underflow, dramatically boosting an attacker’s supply of tokens. These over-inflated balances would enable the attackers to control token prices, remove liquidity, and pull out underlying NFTs.
In a statement, the representative of FloorProtocol (0xFreeLunch) admitted the vulnerability impacted both FloorProtocol V2 and BitmapPunks. The projects were based on contracts that generated fungible tokens that were backed by NFTs deposited into the protocol vaults. It was undetected after several security reviews until exploited.
1/
Today, an exploit occurred affecting FloorProtocol V2 and BitmapPunks.
Both projects share a similar core contract structure: all fungible tokens issued are pegged 1:1 to the NFTs locked in the contract, allowing users to convert back and forth freely.
— FreeLunchCapital (@0xFreeLunch) June 8, 2026
Flooring Protocol Faces Continued Security Risks
0xQuit issued a warning on the risks of depositing more NFTs to Flooring Protocol, as “newly added assets may still be at risk. Some NFTs that were grabbed by Yuga Labs are believed to be in attackers’ hands, but those valued at more than $500,000 were successfully recovered. The rescue effort, however, has saved from further losses on the vulnerable pools.
This latest incident joins a long list of security problems that have been a concern for Flooring Protocol, which has previously been the victim of an NFT-related exploit, estimated to have cost the platform some $1.5 million. As for high-profile collections like Bored Ape Yacht Club, owned by Yuga Labs, they are still the target of cybercriminals, continuing to be the subject of security concerns in the NFT sector.
Conclusion
The NFTs have been recovered with a coordinated whitehat effort and more than $500,000 worth of NFTs were recovered by Yuga Labs, but some assets are still in the hands of the attackers. In response to the recent exploit in the NFT space, the company is still engaged in cooperation with Flooring Protocol to patch the vulnerabilities, retrieve any remaining items, and improve the security measures.
Follow us on Twitter and LinkedIn, and join our Telegram channel to be instantly informed about breaking news!
Summary
- Yuga Labs successfully saved more than $500,000 worth of NFTs following an exploit at Flooring Protocol.
- This vulnerability enabled an attacker to create an overabundance of fpTokens and drain NFT-backed pools.
- Developers are fixing the flaw before returning recovered NFTs to owners.
Glossary of Key Terms
Yuga Labs
NFT company behind Bored Ape Yacht Club.
Flooring Protocol
NFT protocol affected by a security exploit.
NFT
Unique digital asset on blockchain.
Whitehat Rescue
Ethical recovery of hacked assets.
Exploit
Attack using system vulnerability.
fpToken
NFT-backed token used in protocol.
WETH
Wrapped form of Ethereum (ETH).
Ghost Ownership
False NFT ownership validation bug.
Liquidity Pool
Locked assets used for trading.
BitmapPunks
NFT project affected by exploit.
Frequently Asked Questions about Yuga Labs
1. What happened to Flooring Protocol?
It was exploited, exposing NFT-backed pools to attackers.
2. How did Yuga Labs respond?
Yuga Labs ran a whitehat rescue and secured $500K+ NFTs.
3. What caused the exploit?
Flaws in ownership verification led to token inflation and abuse.
4. Will NFTs be returned?
Yes, after Flooring Protocol fixes the vulnerability and confirms security.
References
Disclaimer
The article is purely informational and it is not a financial, investment, or a trading advice. Cryptocurrencies are extremely risky and volatile. Before investing, the readers are to conduct personal research and seek the advice of a qualified financial expert.
The price predictions and financial analysis presented on this website are for informational purposes only and do not constitute financial, investment, or trading advice. While we strive to provide accurate and up-to-date information, the volatile nature of cryptocurrency markets means that prices can fluctuate significantly and unpredictably.
You should conduct your own research and consult with a qualified financial advisor before making any investment decisions. The Bit Journal does not guarantee the accuracy, completeness, or reliability of any information provided in the price predictions, and we will not be held liable for any losses incurred as a result of relying on this information.
Investing in cryptocurrencies carries risks, including the risk of significant losses. Always invest responsibly and within your means.
For advertising inquiries, please email . [email protected] or Telegram
